Google crushes 33 Chrome bugs, pays boffins more than $56k

Uni kid’s turn to shout.
Google has patched 33 Chrome vulnerabilities, including 13 rated high severity, with the release of version 53 of the world’s most popular web browser.
Six high-severity bugs were reported in Google’s native Adobe Reader wrecker PDFium, namely a use after free and five heap overflows, of which three were reported by GiWan Go of mobile app hack outfit Stealien.

Five mostly severe flaws were dug up in the Blink web browser engine including two universal cross-site scripting holes, one use after free, a use after destruction, and a minor type confusion bug.
Massachusetts Institute of Technology computer science student Max Justicz scored US$7500 in beer money for reporting script injection in Chrome extensions.
All told, Google doled out US$56,500 (£42,568, A$74,860) to hackers reporting bugs, and likely more, since four have payouts that are yet to be decided.
Three of those are high severity heap overflows in Chrome’s PDFium and are likely to bag about US$5000 each.

The fourth is a medium severity SMB relay attack that abuses the "save page as" functionality.
Google has been on an exciting patch run of late, fixing 48 bugs in July.
